Systems and methods for identity verification using continuous biometric monitoring

ABSTRACT

Systems and methods for verifying the identity of a person operating a device are shown. In some representative embodiments, a method comprises authorizing a person to operate a device, continuously monitoring a biometric trait of a device operator, and using the monitored biometric trait of the device operator to verify, during operation of the device, whether the device operator is the authorized person. In other representative embodiments, a system comprises a biometric sensor associated with a device, and a continuous biometric monitoring (CBM) module coupled to the biometric sensor. The CBM module may be adapted to continuously acquire a one biometric sample from the device operator during operation of the device.

RELATED APPLICATIONS

The present application is related to co-pending and commonly assignedU.S. patent applications Ser. No. 10/217,149 entitled “SYSTEM AND METHODFOR CALL TREATMENT;” Ser. No. 10/642,532 entitled “CENTRALIZED CALLPROCESSING;” Ser. No. 10/701,549 entitled “SYSTEMS AND METHODS FORCROSS-HATCHING BIOMETRICS WITH OTHER IDENTIFYING DATA;” and Ser. No.11/334,522 entitled “SYSTEM AND METHOD FOR KEYWORD DETECTION IN ACONTROLLED ENVIRONMENT FACILITY USING A HYBRID APPLICATION;” thedisclosures of each of which are hereby incorporated herein by referencein their entirety.

TECHNICAL FIELD

The present invention relates generally to identity verification, andmore particularly, to identity verification using continuous biometricmonitoring.

BACKGROUND OF THE INVENTION

Some telecommunication providers offer services to residents ofcontrolled-environment facilities. Examples of controlled-environmentfacilities include prisons, police departments, hospitals, hospices,dorms, and camps, among others. In order to control, monitor, orrestrict telephone usage among its residents, a controlled-environmentfacility may employ a call processing system.

In a typical call processing system, a personal identification number(PIN) authorization mechanism may request that a resident provide a PINbefore placing or receiving a call. After the resident enters his or herPIN, the system determines the resident's identity and decides whetherto allow him or her to operate a telephone. The call processing systemmay then apply a set of calling restrictions or rules associated withthat resident. For example, some restrictions may prevent the residentfrom calling specific non-resident parties. Alternatively, otherrestrictions may only allow the resident to call specific parties and/ormay establish a maximum number of calls that can be made or received bythat resident at that time. Yet other restrictions may includepreventing the resident from initiating a three-way call, taking part ina conference call, or the like.

An alternative to PIN-based systems involves the use of biometrics. Theterm “biometrics” refers to technologies that measure and analyze humancharacteristics for authentication purposes. A biometrics-based callprocessing system may acquire a resident's biometric sample beforeallowing the resident to place or receive a call. The system may use thebiometric sample to determine the resident's identity, and it may thengrant access to a telephone while applying a set of rules orrestrictions associated with the resident.

The inventor hereof has discovered a number of problems with bothPIN-based and biometric-based authorization mechanisms. Particularly, aproblem unique to controlled-environment facilities such as prisons isthat inmates frequently attempt to circumvent identity verificationprocedures. For example, inmates may share, trade, buy, and sell PINs,which may then be used by any person in possession thereof. An inmatehaving another's PIN may gain access to the system while avoidingparticular call restrictions that would otherwise be applied to his orher calls. Moreover, an inmate may have his or her biometric featurescanned by a biometric authorization mechanism and, upon successfulcompletion of this initial authentication procedure, he or she may handthe phone to another inmate who actually conducts the call.Consequently, authorities seldom know with certainty which inmateactually participated through the entire course of a phone call, despitethe presence of a PIN and/or biometric identity verification procedure.

The inventor hereof has also identified a need to monitor and record theidentity of a person who is actually participating in a telephone call,even if that person's identity is not susceptible to verification priorto, or during the ongoing call. For instance, when a crime suspect isarrested, he or she has the right to make a phone call. During thisfirst phone call, the suspect may call a friend or a co-conspirator toprovide instructions regarding a crime in which the suspect is involved.Accordingly, it would be useful to law enforcement agencies to have theability to record the identity of that suspect while knowing withcertainty that it was he or she who actually conducted the entiretelephone conversation, even though his or her identity may only beultimately verified or matched at a later time.

BRIEF SUMMARY OF THE INVENTION

Aspects of the present invention are directed generally to identityverification using biometric monitoring. In certain embodiments, theidentity of a device operator may be verified through the continuousmonitoring of at least one of his or her biometric traits. Therefore,even after the successful completion of an initial authenticationprocedure by which the device operator gains access to a device,embodiments of the present invention may continuously verify theoperator's identity during operation of the device. The term“continuously,” as used herein, means “constantly” or “reoccurring inrapid succession.” As such, a record may be created which contains thebiometric traits and/or the identity of all persons who have operatedthe device since the original authentication procedure. In addition,where there may be a need to control or otherwise restrict usage of adevice according to access rules associated with a device operator, thepresent invention may allow these rules to be updated as a function ofwhich operator is actually using the device.

Certain embodiments of the present invention are particularly wellsuited for use in the monitoring of telephone calls between residentsand non-residents of controlled-environment facilities.Controlled-environment facilities include correctional facilities (e.g.,municipal jails, county jails, state prisons, federal prisons, militarystockades, juvenile facilities, detention camps, and home incarcerationenvironments), healthcare facilities (e.g., hospitals, nursing homes,mental health facilities, and rehabilitation facilities, such as drugand alcohol rehabilitation facilities), restricted living quarters(e.g., hotels, resorts, camps, dormitories, and barracks), and the like.Certain controlled-environment facilities may be thought of as a smallcommunity or city, perhaps walled or otherwise access restricted,wherein various activities occur within the community and between thecommunity and those outside the community in the daily operationthereof. Such a community may include a number of individuals andenterprises directly associated therewith, including management, staff,and inmates, residents, patients, or guests (herein referred to as“residents”), and a number of individuals and enterprises indirectlyassociated therewith, including friends and family of residents,vendors, government agencies, providers of services to residents, andindividuals connections to the facility or its residents.

In one exemplary, non-limiting embodiment, a method may comprisedetermining the identity of a party to a telephone call by continuouslymonitoring a biometric feature of that party while the telephone call isin progress. If authentication fails while the call is ongoing,appropriate action may be taken. For instance, the call may beterminated, a warning may be issued, the call may be recorded,authorities may be allowed to listen in, etc. In another exemplary,non-limiting embodiment, a system may comprise a biometric sensor thatis built into a telephone handset or otherwise placed near the telephoneat a location where it is accessible to persons operating the telephone.The biometric sensor may take biometric readings of telephone userscontinuously, at selected time intervals, or upon the occurrence of aspecific event, such as, for instance, a change in voice tone or print,the presence of a keyword or sound in the conversation, the expirationof a time limit, or the like. In addition, the system may comprise adatabase for verifying the biometric traits or the identity of personswho have used the telephone, and for storing a call record or atelephone conversation. Hence, an investigator may later retrieve thoserecords and determine the identities of one or more of the parties thatactually participated in the call and/or of one or more parties thatparticipated in the call at particular times during the call.

The present invention has numerous advantages. For example, whereasprior art PIN and biometric authentication mechanisms only verify theidentity of persons attempting to gain access to a device, the presentinvention may verify the identity of persons who have actually operatedthe device. For instance, if a person uses another's PIN to place atelephone call, the present invention may detect, via continuousbiometric monitoring, that the PIN or biometric sample used to obtainaccess to the telephone does not belong to the person actuallyparticipating in the call. Moreover, if a person successfully completesan initial authentication procedure and subsequently hands off the phoneto another person while the call is ongoing, the present invention mayalso detect that change and take appropriate action.

The foregoing has outlined rather broadly the features and technicaladvantages of the present invention in order that the detaileddescription of the invention that follows may be better understood.Additional features and advantages of the invention will be describedhereinafter which form the subject of the claims of the invention. Itshould be appreciated by those skilled in the art that the conceptionand specific embodiment disclosed may be readily utilized as a basis formodifying or designing other structures for carrying out the samepurposes of the present invention. It should also be realized by thoseskilled in the art that such equivalent constructions do not depart fromthe spirit and scope of the invention as set forth in the appendedclaims. The novel features which are believed to be characteristic ofthe invention, both as to its organization and method of operation,together with further objects and advantages will be better understoodfrom the following description when considered in connection with theaccompanying figures. It is to be expressly understood, however, thateach of the figures is provided for the purpose of illustration anddescription only and is not intended as a definition of the limits ofthe present invention.

BRIEF DESCRIPTION OF THE DRAWING

For a more complete understanding of the present invention, reference isnow made to the following descriptions taken in conjunction with theaccompanying drawings, in which:

FIG. 1 is a high-level block diagram illustrating one embodiment of thepresent invention;

FIG. 2 is a high-level block diagram illustrating a system which isadapted for use according to one embodiment of the present invention;

FIGS. 3A-3C show biometric telephone handsets used in certainembodiments of the present invention;

FIGS. 4A and 4B show biometric computer mice used in other embodimentsof the present invention;

FIG. 5 is a flowchart illustrating steps that may be performed duringoperation of certain embodiments of the present invention; and

FIG. 6 depicts a block diagram of a computer system adapted for useaccording to embodiments of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 is a high-level block diagram of Continuous Biometric Monitoring(CBM) system 100, according to an exemplary embodiment of the presentinvention. Biometric array 101 may have one or more biometric sensors(or scanners) 102-1, 102-2, . . . , 102-N (collectively “sensors 102”).Each of sensors 102 may be adapted to scan, for example: a physicalbiometric trait such as a fingerprint, thumbprint, or hand geometry; anaural biometric trait such as a voice or sound; or a visual biometrictrait such as a retina, iris, or face. Sensors 102 may be any biometricsensor or scanner now existing or yet to be developed. Sensors 102 areconnected to processor 104 of CBM module 103. Processor 104 is operableto execute CBM application 105. Processor 102 is also connected tobiometric records database 106 and activity log database 107. Accordingto certain embodiments of the present invention, any one or more ofbiometric array 101, processor 104, biometric records database 106, andactivity log database 107 may be disposed within a call processingsystem. According to other embodiments, any one or more of theseelements may be located at a user terminal (e.g., a telephone).Additionally or alternatively, any one or more of these elements may beremotely located with respect to the other components of CBS system 100.

In one exemplary embodiment, a user may attempt to operate a device (notshown) that is associated with biometric array 101. Biometric array 101may be mounted on or built into the device, and at least one sensor 102of biometric array 101 may continuously acquire at least one biometricsample from the operator while he or she operates the device. Accordingto certain aspects of this exemplary embodiment, the “continuousmonitoring” performed by CBS system 100 may be such that the interval oftime between the acquisition of successive biometric samples from theoperator is small compared to times typically required by actionsperformed by the operator during normal device operation. Further, itshould be noted that continuous biometric reading may take placeregardless of and/or in addition to an initially successfulauthentication procedure.

Biometric readings are communicated to processor 104, which executesinstructions contained in CBM application 105. Processor 104 thencompares biometric samples acquired by array 101 with biometric recordsor files stored in biometric records database 106. If the user'sidentity changes while the device is being operated, processor 104 maytake appropriate action. For example, under the direction ofinstructions contained in CBM application 105, processor 104 may blockaccess to the device by the unauthorized user. Alternatively, processor104 may play an announcement to the parties involved in the operation ofthe device, place restrictions or otherwise limit functionalityavailable to the current device operator, alert the authorities incharge of supervising operation of the device, and/or monitor or alterparameters related to the device's operation (e.g., increase sensitivityof 3-way call detection, increase level of web content filter, etc.),among others.

Processor 104 may record usage and other information in activity logdatabase 107, including which operations were performed, the begin andend times of each operation, the biometric traits of the operator, theidentity of the operator, as well as particular characteristics of theoperation (e.g., telephone number dialed, a website visited, etc.),among others. This information may later be used, for example, asevidence to prove which persons actually participated in the operationof the device. Furthermore, in some situations, processor 104 may alsorecord the operation itself in activity log database 107. For example,where the device is telephone, the telephone conversation may be storedin database 107 along with the associated usage information.

As a person of ordinary skill in the art will readily recognize in lightof the present disclosure, system 100 may be employed in a wide varietyof situations. Nonetheless, system 100 is particularly well suited foruse in the monitoring of inmates' phone calls made to or from a prison.As previously noted, the unique problem involved in the monitoring of aprison's telephone system is that inmates constantly attempt tocircumvent authentication procedures. For example, an inmate havinganother's PIN may gain access to the telephone system while avoidingparticular call restrictions that would otherwise be applied to his orher calls. Moreover, an inmate may have his or her biometric featurescanned by the biometric authorization mechanism and then hand the phoneoff to another inmate who actually conducts the call. The inventorhereof has discovered that a solution to the aforementioned problemincludes verifying the inmate's identity using continuous biometricmonitoring as disclosed herein.

In one embodiment of the present invention, while at least one sensor(e.g., 102-1) continuously monitors a first biometric trait of the user,at least one other sensor (e.g., 102-2) monitors a second biometrictrait of that user at selected time intervals, periodically, and/or uponthe occurrence of a specific event, such as, for example, change invoice tone or print, detection of a keyword in the conversation,expiration of a time limit, etc. For instance, sensor 102-1 maycontinuously acquire a voice print from the user during a telephoneconversation. If the voice print changes during the call, sensor 102-2may scan the user's fingerprint in order to confirm the user's identity.

FIG. 2 is a high-level block diagram of system 200 that is adapted foruse according to an exemplary embodiment of the present invention.Inmate phone 201 (i.e., device) may be coupled to biometric array 101.Alternatively, biometric array 101 may be placed in proximity to inmatephone 201, so that a biometric trait of an inmate placing or receiving aphone call (i.e., device operator) from inmate phone 201 may becontinuously monitored by at least one sensor of biometric array 101during normal operation of inmate phone 201. Other biometric sensors ofbiometric array 101 may also take other biometric readings from theinmate at selected time intervals or upon the occurrence of a specificevent. In one embodiment, at least one biometric sensor of biometricarray 101 may be disposed to passively interface with the inmate so thatthe inmate does not have to perform any special action(s) for the sensorto acquire biometric samples from him or her. In another embodiment,system 200 may change the way it acquires biometric samples during acall. For example, system 200 may vary the way it acquires samples orthe time intervals at which biometric readings are taken. Alternativelyor additionally, system 200 may alternate which sensors of biometricarray 101 perform biometric readings at any time. As such, system 200may make it difficult or impossible for inmates to learn how tocircumvent its monitoring.

Biometric array 101 is connected to CBM module 103, which may verify theinmate's identity. In one embodiment, biometric array 101 communicateswith CBM module 103 via the phone line used by inmate phone 210.Biometric array 101 may also connected to CBM module 103 by dedicatedwires, wirelessly (e.g., IEEE 802.11), or via a computer network. Inother embodiments, CBM module 103 (or some portion thereof) may beembedded within inmate phone 210. Communications between inmate phone201 and external phone 203 may travel through telephone switch 202, suchas may comprise part of a service provider's call processing system ormay be part of the Public Switched Telephone Network (PSTN), and whichis connected to CBM module 103.

CBM module 103 may take action as specified by CBM application 105depending upon whether identity verification is successful with respectto a call in progress. For example, CBM module 103 may control switch202 in order to disconnect an ongoing call being conducted by an inmateother than the inmate initially authorized to participate in the call.CBM module 103 may also control switch 202 to tap into a phone call inorder to allow authorities 204 to listen to an unauthorized ongoingconversation.

In one embodiment, an inmate enters a PIN number into inmate phone 201to obtain initial identity verification in order to place or receive acall. In another embodiment, an inmate's Radio Frequency Identification(RFID) tag or bracelet is detected by an RFID reader (not shown)connected to CBM module 103 for granting initial access to inmate phone201. Alternatively, the inmate engages biometric array 101 to perform aninitial authentication procedure. Even after the inmate's identity hasbeen verified, biometric array 101 may continue to monitor one or moreof the inmate's biometric features. For example, one sensor of biometricarray 101 may take biometric samples continuously while another sensormay take other biometric samples at selected time intervals, and/or uponthe occurrence of a specific event, such as, for example, change invoice tone or print, presence of a keyword in the conversation, or theexpiration of a time limit. In one embodiment, the conversation iscontinuously monitored for a change in voice print. Upon detection ofchange in voice print, system 200 may confirm the identity of the inmatecurrently the phone by taking another type of biometric sample from theinmate. Exemplary systems and methods for cross-hatching biometricswhich may be used in conjunctions with system 200 are described in theabove-referenced U.S. patent application entitled “SYSTEMS AND METHODSFOR CROSS-HATCHING BIOMETRICS WITH OTHER IDENTIFYING DATA.” By usingbiometric cross-hatching, system 200 may increase the confidence levelthat the same inmate who was initially authorized to make or receive thecall is the one actually conducting the conversation. In addition,system 200 may be used to monitor and record unlawful or undesirableactivities in a call log database. And, as a person of ordinary skill inthe art will readily recognize in light of this disclosure, system 200may be used in a wide variety of environments where it may be necessaryto determine the identity of a person who is actually operating adevice.

FIGS. 3A-3C are diagrams of biometric telephone handsets 301-A, 301-B,and 301-C (collectively “handsets 301”), which may be used in certainembodiments of the present invention. For example, biometric telephonehandsets 301 may comprise biometric array 101 shown in the embodimentdepicted in FIG. 2. In one embodiment, biometric handsets 301 may eachinclude at least one biometric sensor 302-A, 302-B, and 302-C(collectively “sensors 302[), respectively disposed thereon. Forexample, sensors 302-A and 302-B may be adapted to scan thumbprints,whereas sensor 302-C may be adapted to scan one or more fingerprints. Inalternative embodiments, sensor 302-C may be placed on the oppositesurface of handset 301-C, and may be adapted to scan a hand feature.Moreover, more than one sensor 302 may be built into or coupled to asingle handset 301.

Referring back to FIG. 1, system 100 need not be restricted totraditional telephone applications, but it may also be used, forexample, in Voice over Internet Protocol (VoIP) applications. Forexample, a user may operate a computer system in order to make orreceive a VoIP call. In this case, biometric array 101 may be placed,for instance, on a mouse or keyboard connected to the computer system.

FIGS. 4A and 4B are diagram of biometric computer mice 401-A and 401 -B(collectively “mice 401”), which may be used in certain embodiments ofthe present invention. For example, biometric mice 401 may be used asbiometric array 101 shown in the embodiment depicted in FIG. 2 andattached to a computer system (device), where the computer system mayperform at least some of the functions of system 100. In one embodiment,biometric computer mice 401 may each include at least one biometricsensor 402-A and 402-B (collectively “sensors 402”) disposed thereon.For example, sensor 402-A may be adapted to scan a thumbprint, whereassensor 402-B may be adapted to scan a fingerprint. In an alternativeembodiment, sensor 402-C may be placed on the top surface of mice 401and may be adapted to scan a hand feature. Also, more than one sensor402 may be used on a mouse 401.

In one embodiment, the computer system may be accessible in a restrictedmanner. In another embodiment, access to a computer program residing inthe computer system, or a particular feature of the computer program,may be restricted to authorized users. In yet another embodiment, awebsite may be accessible in a restricted manner. For example, uponreceiving a request for access, a restricted website may send oractivate an authentication program within the computer system. Theauthentication program may contain instructions for performingcontinuous biometric monitoring while users visit the website.

In one embodiment, a user enters a password or a combination of usernameand password in order to make or receive a VoIP call and/or to gainaccess to a computer system, program, or website. Alternatively, theuser may provide a biometric sample for initial identity verificationvia mouse 401. After the user has been granted access, mouse 401 maycontinuously take biometric samples from the user in order to verify theidentity of the user while the VoIP call is in progress or while thecomputer system, program, or website is being accessed. The computersystem compares biometric samples acquired by mouse 401 with biometricrecords or files stored in the computer. If the user's identifyverification fails while he or she is conducting the VoIP call oraccessing the computer, program, or website, processor 104 may takeappropriate action. As such, the computer system may guarantee that thesame user who was initially authorized to use the system, program, orwebsite is the one actually using it. In addition, the computer systemmay be used to monitor and record the user's activities.

FIG. 5 is a flowchart illustrating steps that may be performed incarrying out functions of described embodiments of the presentinvention, for example, as shown in FIG. 2. In step 501, an inmate mayuse a telephone to start an initial authentication procedure, forexample, by inputting a PIN or by having an RFID device scanned by anRFID reader. Alternatively, the inmate may initiate the authenticationprocedure by having a biometric trait acquired by a biometric sensor.After successful completion of initial authentication step 501,biometric samples may continuously be monitored in step 503. Otherbiometric samples may also be monitored at selected time intervalsand/or upon the occurrence of a specific event, such as, for instance, achange in voice tone or print, the presence of a keyword in theconversation, and the expiration of a time limit.

Still in step 503, a match is sought for biometric samples acquired anda determination is made of whether the identity of the inmate currentlyparticipating in the ongoing telephone call matches the identity of theinmate originally authorized to place or receive the call. If thecontinuous authentication of steps 502 and 503 fails, appropriate actionmay be taken in step 504. For example, the ongoing call may bedisconnected, a warning may be issued to the inmate or a third party,the call may be recorded, and/or authorities may be requested to listento the conversation. Others actions may include recording usageparameters, including the called or calling number, the begin and endtimes of the call, the biometric traits of the inmate who initiallyauthenticated the call along with her identity, the biometric traits ofthe inmate who actually participated in the call along with heridentity, and/or a recording of the conversation.

FIG. 6 illustrates computer system 600 adapted to use embodiments of thepresent invention, e.g., storing and/or executing software associatedwith embodiments described herein. Particularly, computer system 600 maybe adapted to be used as CBM module 103, depicted in FIGS. 1 and 2.Central processing unit (CPU) 601 is coupled to system bus 602. CPU 601may be any general purpose CPU. However, embodiments of the presentinvention are not restricted by the architecture of CPU 601 as long asCPU 601 supports the inventive operations as described herein. Bus 602is coupled to random access memory (RAM) 603, which may be SRAM, DRAM,or SDRAM. ROM 604 is also coupled to bus 602, which may be PROM, EPROM,or EEPROM. RAM 603 and ROM 604 hold user and system data and programs asis well known in the art.

Bus 602 is also coupled to input/output (I/O) controller card 605,communications adapter card 611, user interface card 608, and displaycard 609. I/O adapter card 605 connects storage devices 606, such as oneor more of a hard drive, a CD drive, a floppy disk drive, a tape drive,to computer system 600. In one embodiment, storage devices 606 maycomprise biometric records database 106 and call log database 107,depicted in FIGS. 1 and 2. I/O adapter 605 is also connected to aprinter (not shown), which may allow the system to print paper copies ofinformation such as documents, photographs, articles, and the like. Notethat the printer may be a printer (e.g., dot matrix, laser, and thelike), a fax machine, scanner, or a copier machine. Communications card611 is adapted to couple the computer system 600 to network 612, whichmay be one or more of a telephone network, a local (LAN) and/or awide-area (WAN) network, an Ethernet network, and/or the Internetnetwork. Communications card 611 may also allow computer system 601 tocommunicate with telephone switch 202, depicted in FIG. 2. Userinterface card 608 couples user input devices, such as keyboard 613,pointing device 607, and the like, to computer system 600. Display card609 is driven by CPU 601 to control the display on display device 610.

Program, software, and code segments making up the various embodimentsof the present invention, including CBM application 105 (depicted inFIG. 1), may be stored in a computer readable medium or transmitted by acomputer data signal embodied in a carrier wave, or a signal modulatedby a carrier, over a transmission medium. The term “computer readablemedium” may include any medium that can store or transfer information.Examples of the computer readable medium include an electronic circuit,a semiconductor memory device, a ROM, a flash memory, an erasable ROM(EROM), a floppy diskette, a compact disk CD-ROM, an optical disk, ahard disk, a fiber optic medium, a radio frequency (RF) link, and thelike. A computer data signal may include any signal that can propagateover a transmission medium such as electronic network channels, opticalfibers, air, electromagnetic, RF links, and the like. Furthermore, codesegments described herein may be downloaded via computer networks suchas the Internet, Intranet, and the like.

Although aspects of the present invention and their advantages have beendescribed in detail, it should be understood that various changes,substitutions and alterations can be made herein without departing fromthe spirit and scope of the invention as defined by the appended claims.Moreover, the scope of the present application is not intended to belimited to the particular embodiments of the process, machine,manufacture, means, methods, and steps described in the specification.As a person of ordinary skill in the art will readily appreciate fromthe disclosure of the present invention, processes, machines,manufacture, means, methods, or steps, presently existing or later to bedeveloped that perform substantially the same function or achievesubstantially the same result as the corresponding embodiments describedherein may be utilized according to the present invention. Accordingly,the appended claims are intended to include within their scope suchprocesses, machines, manufacture, means, methods, or steps.

1. A method comprising: authorizing a resident of acontrolled-environment facility to participate in a telephone call;continuously monitoring a first biometric trait of a personparticipating in the telephone call; and verifying whether the firstbiometric trait of the person participating in the telephone callbelongs to the authorized resident.
 2. The method of claim 1 wherein thecontrolled-environment facility is a prison.
 3. The method of claim 1wherein authorizing the resident to participate in the telephone callcomprises requesting that the resident provide a personal identificationnumber.
 4. The method of claim 1 wherein authorizing the resident toparticipate in the telephone call comprises acquiring a biometric samplefrom the resident.
 5. The method of claim 1 wherein authorizing theresident to participate in the telephone call comprises acquiring anRFID information associated with the resident
 6. The method of claim 1further comprising monitoring a second biometric trait of the personparticipating in the telephone call at selected time intervals forconfirming an identity of that person.
 7. The method of claim 1 furthercomprising monitoring a second biometric trait of the personparticipating in the telephone call upon the occurrence of an eventdetected via the monitoring of the first biometric trait.
 8. The methodof claim 1 further comprising terminating the telephone call if thebiometric trait of the person participating in the telephone call doesnot belong to the authorized resident.
 9. The method of claim 1 furthercomprising blocking a telephone function if the first biometric trait ofthat person does not belong to the authorized resident.
 10. The methodof claim 1 further comprising alerting a party if the biometric trait ofthe person participating in the telephone call does not belong to theauthorized resident.
 11. The method of claim 1 further comprisingrecording an identity of the person participating in the telephone callif the first biometric trait of that person does not belong to theauthorized resident.
 12. The method of claim 1 further comprisingrecording at least a portion of the telephone call if the firstbiometric trait of the person participating in the telephone call doesnot belong to the authorized resident.
 13. The method of claim 12further comprising storing the portion of the telephone call along withthe first biometric trait of the person participating in the portion ofthe telephone call.
 14. A call processing system for monitoring anidentity a resident of a controlled environment facility participatingin an ongoing telephone call, the call processing system comprising: abiometric sensor associated with a controlled-environment facility'stelephone; and a continuous biometric monitoring (CBM) module coupled tothe biometric sensor and adapted to continuously acquire a biometricsample from the resident during the ongoing telephone call.
 15. The callprocessing system of claim 14, wherein the biometric sensor ispositioned to passively acquire the biometric sample from the resident.16. The call processing system of claim 14 wherein the CBM module isadapted to determine the identity of the resident by comparing thebiometric sample acquired from the resident with a biometric recordstored in a biometric records database.
 17. The call processing systemof claim 14 wherein the CBM module is adapted to use the biometricsample to verify, during the ongoing telephone call, whether a biometrictrait of the resident belongs to an authorized resident.
 18. The callprocessing system of claim 14 wherein the CBM module is adapted to usethe biometric sample to determine the identity of the residentparticipating in the ongoing telephone call has changed during the call.19. The call processing system of claim 14 further comprising atelephone switch connected to the CBM module.
 20. The call processingsystem of claim 19 wherein the telephone switch is adapted to terminatethe ongoing telephone call if the resident is not authorized toparticipate in the ongoing telephone call.
 21. The call processingsystem of claim 19 wherein the telephone switch is adapted to issue awarning if the resident is not authorized to participate in the ongoingtelephone call.
 22. The call processing system of claim 19 wherein thetelephone switch is adapted to allow authorities to listen in theongoing telephone call if the resident is not authorized to participatein the ongoing telephone call.
 23. The call processing system of claim19 wherein the CBM module is adapted to record the ongoing telephonecall if the resident is not authorized to participate in the ongoingtelephone call.
 24. A biometric telephone handset for use in acontrolled-environment facility's telephone system, the handsetcomprising: a first physical biometric sensor adapted to continuouslyscan a first physical biometric trait of a resident during an ongoingtelephone call.
 25. The biometric telephone handset of claim 24 whereinthe controlled-environment facility is a prison.
 26. The biometrictelephone handset of claim 24 wherein the first biometric sensor is afingerprint scanner.
 27. The biometric telephone handset of claim 24wherein the first biometric sensor is a handprint scanner.
 28. Thebiometric telephone handset of claim 24 further comprising a secondbiometric sensor adapted to scan a second biometric trait of theresident during the ongoing telephone call.
 29. The biometric telephonehandset of claim 28 wherein the second biometric sensor scans the secondbiometric trait at selected time intervals.
 30. The biometric telephonehandset of claim 28 wherein the second biometric sensor scans the secondbiometric trait upon the occurrence of an event.